Pennsylvania health insurance company warns of security breach
A Pennsylvania health insurance company issued a notice following a security incident that exposed the private health information of some members.
Independence Blue Cross issued a notice regarding the security incident on Monday, Sept. 17. According to the notice, the company’s privacy office was notified about a security issue on July 19. During an investigation, it found that an employee uploaded a file with private member health information to a public-facing website and the information was publicly accessible from April 23 to July 20.
“The investigation confirmed the information present on the website included the following information related to the affected members: member name, date of birth, diagnosis codes, provider information, and other information used for claim processing purposes. This incident did not involve any social security numbers, financial information or credit information,” the company said in a statement.
The company said the incident affected less than 1 percent of its members. According to its website, the company serves 8.5 million people across the United States. One percent would be equal to about 85,000 members.
According to the notice, the company hasn’t been able to determine if the health information was accessed and is unaware of any misuse of information. It’s also offering impacted members free credit monitoring and identity protection services.
The company also said the “appropriate action was taken with the employee responsible for uploading the subject file.”